Course Description

This follow-up to the developer track of the Windows Internals course lets organizations train a subset of their developers beyond the skills needed for writing efficient code, arming them with the knowledge to debug and troubleshoot deep system problems using the Microsoft Kernel Debugger. It also adds several new components to the course curriculum, such as the Configuration Manager (in charge of the registry), the User-mode Loader (in charge of DLLs), and the Advanced Local Procedure Call (ALPC) mechanism (in charge of DCOM, RPC, User-mode Driver Communication, and more…).

Additionally, this course contains most of the security-focused content of the security track (which developers would’ve missed out on), giving trainees inside information on how their own drivers and applications may be misused to become unwitting participants in an exploit or attack against a machine. Developers often think about their interfaces and level of access from a very pragmatic point of view, not realizing that peculiarities, oddities, and sometimes outright bugs in the kernel could be working to undermine their efforts to secure their data and code.

Finally, organizations that are solely security-focused and are thinking about requesting the security track of the developer course should note that the advanced course would provide the entire security track duplicated yet again. We recommend instead considering whether 10 days of training (which can be split across the calendar year) may work better: the developer track gives your analysts and researchers good background information on Windows, and the advanced course then augments it with the security information they would’ve gotten had they taken the security track, plus all the additional content offered in the advanced course (such as process creation semantics and user-mode loader internals).

Advanced Course Outline

Introduction and Tools

WinDBG Primer

CPU Architecture & Deep OS Fundamentals

Extended Executive Components

Advanced Process Management & Loader

Low-Level Memory Forensics

Windows Subsystem

Windows Bug Analysis

In-Depth Topics

As in the security track of the Windows Internals course, the following topics and concepts are covered.